Total
6561 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43374 | 2 Netapp, Vim | 3 Bootstrap Os, Hci Compute Node, Vim | 2025-08-25 | 4.5 Medium |
| The UNIX editor Vim prior to version 9.1.0678 has a use-after-free error in argument list handling. When adding a new file to the argument list, this triggers `Buf*` autocommands. If in such an autocommand the buffer that was just opened is closed (including the window where it is shown), this causes the window structure to be freed which contains a reference to the argument list that we are actually modifying. Once the autocommands are completed, the references to the window and argument list are no longer valid and as such cause an use-after-free. Impact is low since the user must either intentionally add some unusual autocommands that wipe a buffer during creation (either manually or by sourcing a malicious plugin), but it will crash Vim. The issue has been fixed as of Vim patch v9.1.0678. | ||||
| CVE-2025-49733 | 1 Microsoft | 13 Windows, Windows 10, Windows 10 1809 and 10 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49725 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49724 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-08-23 | 8.8 High |
| Use after free in Windows Connected Devices Platform Service allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-49703 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49700 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49699 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-08-23 | 7 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49698 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49695 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-08-23 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49685 | 1 Microsoft | 8 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 5 more | 2025-08-23 | 7 High |
| Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49682 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 5 more | 2025-08-23 | 7.3 High |
| Use after free in Windows Media allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49675 | 1 Microsoft | 18 Windows, Windows 10, Windows 10 1507 and 15 more | 2025-08-23 | 7.8 High |
| Use after free in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49665 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-23 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Workspace Broker allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49660 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Event Tracing allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-48821 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-08-23 | 7.1 High |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. | ||||
| CVE-2025-48806 | 1 Microsoft | 16 Mpeg-2 Video Extension, Windows 10 1507, Windows 10 1607 and 13 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. | ||||
| CVE-2025-48000 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49735 | 1 Microsoft | 9 Server, Windows, Windows Server and 6 more | 2025-08-23 | 8.1 High |
| Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-49726 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 9 more | 2025-08-23 | 7.8 High |
| Use after free in Windows Notification allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-49711 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2025-08-23 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||